I'm kinda newbie to php and may be is quite simple but I need some help on this task.
I have login login form for my Admin panel. I also have database and table users set and everything works fine so far. What I want to do is one SuperAdmin which I already have it. This superadmin have full access and no limits. He can see full datas in database.
Now I whant to have 3-4 more admins where every admin have access to his rows. For example now I have table houses with inserted ids 1,2,3,4. SuperAdmin has access to four id and he can see, edit, delete, update them.
Now here need another admin which will see only row with id=1. Another admin wich will see row with id=2 and so on. In other words each admin will have his records in database and must see only them.
<?php
ob_start();
session_start();
if(isSet($_POST['submit'])) {
include('misc/db.inc.php');
$username = $_POST['username'];
$password = sha1($_POST['password'] );
$query = mysqli_query($con, "SELECT * FROM users WHERE username='".addSlashes($username)."' AND password='".addSlashes($password)."'");
$res = mysqli_num_rows($query);
if ($res == 1) {
$_SESSION['username'] = $username;
$_SESSION['password'] = $password;
$_SESSION['userobj'] = mysqli_fetch_assoc($query);
header('Location: main.php');
exit;
} else {
echo 'error';
}
} else {
?>
In table users I've make new row userType where superadmin is with 1 and other admins are with 5. How can I continue now? I guess I need some check for usertype while login. But after login how to give on each admin only the row of his access?
You need to store data in DB by privileges(permissions).
Examle: simple DB struct:
UserTypes
-------------------------
| id | title |
| 1 | SuperAdmin |
| 2 | Admin |
Users
-----------------------------------------
| id | type_id | title |
| 1 | 1 | Super |
| 2 | 2 | SimpleA_1 |
| 3 | 2 | SimpleA_2 |
| 4 | 2 | SimpleA_3 |
| 5 | 2 | SimpleA_3 |
Table1
-----------------------------------------------
| id | user_id | field_1 ... field_N
| 1 | 1 | xyz ... N
....
TableN
-----------------------------------------------
| id | user_id | field_1 ... field_N
| 1 | 1 | xyz ... N
Each row of every table (if tables are not related by another indexes) must have field user_id. After auth, you save user_id in session (for e.g.).Now, operations(select,update,delete,insert and others) with DB, you will do with abstract ... WHERE user_id=...
Use mysqli_fetch_array($query); instead of mysqli_num_rows($query);
by using mysqli_fetch_array($query); you can access userType field by executing the query and put check for userType while login.
Code Here :
$query = mysqli_query($con, "SELECT * FROM users WHERE username='".addSlashes($username)."' AND password='".addSlashes($password)."'");
$res = mysqli_fetch_array($query);
if ($res['userType'] == 1) {
echo "Superadmin";
exit;
} elseif ($res['userType'] == 5) {
echo "admin";
}
else
{
echo "error";
}
I hope it will work.